Bank of England CIO’s guide to cloud’s payoffs and pitfalls
Image: Alamy
Share on LinkedIn
Share on Xing

Bank of England CIO’s guide to cloud’s payoffs and pitfalls

Jim Mortleman — August 2014

John Finch, CIO of the UK’s central bank, offers a checklist of concerns and considerations for those embarking on the cloud journey.

Given its role as the UK’s central bank, the Bank of England is a naturally conservative institution — and that shows in its cautious, but well-considered, attitude to cloud computing.

E John Finch credit Bank of England

The Bank operates a virtualized private cloud as a means of managing workload efficiently and to provide failover across different sites. To date, though, it has only made use of public clouds for services such as the online hosting of its public-domain documents and publications. And according to John Finch, CIO at the Bank and previously the CIO of credit report giant Experian, it will continue to be very selective when it comes to future moves. “We’ve identified a number of other services that are really applicable to internal cloud, such as records management, and we’re starting to build proofs of concept. But we still have a long way to go,” he says.

Such careful consideration has provided a useful set of caveats that Finch is keen to share:

Run your own numbers  One of cloud’s main (if short-term) attractions result from the shift from capital to operational expenditure on IT. But, counsels Finch, buyers shouldn’t rely on the cost-benefit analysis produced by their suppliers’ accountants. “Don’t let how [suppliers’] bean-counters count their beans determine your critical IT strategy.” Work out the numbers from your specific business’s perspective, then do the analysis with your own or independent financial experts, he says.

• Beware of cloud sprawl  Cloud computing offers considerable benefits in terms of allowing organizations to deploy and scale systems quickly. But, says Finch, decisions over whether to adopt different cloud services must not be open to everyone but firmly rooted in business and strategic IT considerations. “The cloud genuinely offers the opportunity to expand and contract IT capabilities as needed. It can cut lead times and the need for any long and complex implementation of infrastructure. But there are many variants of how you can scale using [suppliers’] infrastructure and capabilities — no one size fits all,” he says.

• Know the rules Gain a firm understanding of the regulatory, compliance, contractual, security and performance implications before any move to cloud, says Finch. It’s important to find answers to a series of tricky questions before signing on the dotted line. “For instance, do you know the location of the boxes your services will be running on and any legislation that covers those boxes? Where is the company that’ll be doing your processing domiciled? If they are a US company, for example, even if their data center is in the UK or elsewhere in Europe, it’s likely your data and processing will be subject to the US Patriot Act,” he adds.

• Don’t rush into contracts  Finch says organizations need to make sure they don’t sign up to agreements that ultimately negate any benefits they are trying to achieve. “Sure, cloud services can give you a low cost of entry into new markets when you don’t want to build your own infrastructure, but will the contract allow you to grow at a diminishing marginal cost, for example?” he asks.

• Avoid service lock-in Just as with previous generations of technology, there is a danger of locking your organization into a particular service, he says. “Even if you can get out of the contract, you need to be sure the work you’ve put in on a particular supplier’s cloud platform doesn't mean it's too much effort to leave.”

• Stay safe  Security is of paramount importance. “When you go to a third-party provider, you’re placing some of your information security profile in their hands. It might not matter so much if they’re, say, running your fleet of cars via a cloud service, but when you’re looking at moving core services you need to understand the security and compliance implications fully.”

• Performance guarantees While vendors may make impressive performance and availability claims, the proof comes only when the service is online and under pressure from your organization and the joint tenants hosted on the service. Finch says buyers must be sure that providers can really guarantee the performance levels their organization needs.

John Finch was speaking at Cloud World Forum in London. (See other CIO/CTO keynotes from the 2014 event)

First published August 2014
Share on LinkedIn
Share on Xing

    Your choice regarding cookies on this site

    Our website uses cookies for analytical purposes and to give you the best possible experience.

    Click on Accept to agree or Preferences to view and choose your cookie settings.

    This site uses cookies to store information on your computer.

    Some cookies are necessary in order to deliver the best user experience while others provide analytics or allow retargeting in order to display advertisements that are relevant to you.

    For a full list of our cookies and how we use them, please visit our Cookie Policy

    Essential Cookies

    These cookies enable the website to function to the best of its ability and provide the best user experience for you. They can still be disabled via your browser settings.

    Analytical Cookies

    We use analytical cookies such as those used by Google Analytics to give us information about the way our users interact with - this helps us to make improvements to the site to enhance your experience.

    For a full list of analytical cookies and how we use them, visit our Cookie Policy

    Social Media Cookies

    We use cookies that track visits from social media platforms such as Facebook and LinkedIn - these cookies allow us to re-target users with relevant advertisements from

    For a full list of social media cookies and how we use them, visit our Cookie Policy